HIMSS: Increased HIPAA Compliance Has Yet to Increase Data Security

Staff
Heightened focus on HIPAA compliance has not resulted in better data security for the healthcare industry, according to the "2012 HIMSS Analytics Report: Security of Patient Data" by Kroll Advisory Solutions, a risk mitigation and response company.

The report is the third installment in a bi-annual survey of healthcare providers nationwide. A total of 250 healthcare professionals participated in the study. The professionals included health information management directors, compliance officers, senior IT executives, privacy officers and chief security officers.

According to the report, there has been an increase in data breaches over the last six years despite strict regulations for reporting and auditing data. Findings from the survey revealed that healthcare organizations felt more prepared to confront data security risks in 2012 but data breaches were still common:

•    Healthcare organizations gave themselves a 6.40 rating on a scale of 1 to 10 with 10 being extremely prepared;
•    Ninety-six percent of respondents reported conducting a formal risk analysis in the past 12 months;
•    Twenty-seven percent of respondents reported a security breach in the past 12 months;
•    Sixty-nine percent of respondents reported more than one security breach in the past 12 months.

Human error remains the greatest threat to data security. Mobility and a lack of data ownership from executives are the two biggest threats behind human error. In 2012, 79 percent of respondents reported that an employee caused a security breach. Yet, only half of respondents required proof of employee training on data security policies. The mobility of patient data is also a leading factor in security breaches. Thirty-one percent of respondents indicated that information available on a mobile device was a factor in data breaches. Finally, when respondents were asked who is primarily responsible for patient data, responses ranged dramatically:

•    Health information management director — 21 percent;
•    CIO — 19 percent;
•    Chief privacy officer, chief compliance officer and CEO — 12 percent each;
•    Chief security officer — 10 percent.
